Breaches Will Occur: Defending from Within
DoD Developing Layered Approach to Infosec
Agility may prove to be the best tactic the military offers in defending its IT systems.
Defense networks will be breached. One of the most significant incursions into military systems was revealed late last month by Defense Deputy Secretary William Lynn III in a media briefing: in 2008, a flash drive inserted into a laptop by a foreign military agency spread malicious code onto a classified network.
Despite efforts to tighten security to prevent such digital invasions, the military understands such breaches could still occur, which led Lynn to say the military must develop and train its cyber defenders to act in a degraded information environment:
"You don't have everybody assuming they're going to have all of the systems they have at every time. Things can be compromised, things can be brought down, and just like any other military capability, in that we are flexible and agile enough to still be able to operate in that degraded environment. ... We're trying to develop very much a layered defense, that no one thing is going to work perfectly."
Recognizing that systems will be penetrated, a new mindset is evolving in which IT security focuses on gaining a better understanding of who is in the system and on preventing those who gain unauthorized access from doing harm.
Former National Security Agency CIO Preston Winter said in an interview that's a change from the old-school perimeter defense approach:
"You have to assume that your walls are going to be breached. You have to assume that they are going to get in. So the art form here is to figure out who is in your network, good or bad, figure out what they are doing, identify whether it is consistent with or contrary to all the policies that you have to put in place to protect all of your information and systems, and then finally once you determine that somebody's in there and they are doing something that you don't like that is contrary to policy, figure out how to stop it and figure out how to stop it quickly so that they don't do more than acceptable levels of harm."
This agile model requires new sets of skills and tools to safeguard critical systems.